Back to skill

Security audit

Script to Video

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward Revid script-to-video helper, with the main risk being that script text is sent to Revid for external rendering.

Install only if you are comfortable sending script text and rendering options to Revid using your REVID_API_KEY. Avoid submitting secrets, confidential business material, personal data, or regulated content unless you have reviewed Revid's privacy and retention terms.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill instructs sending the full user-provided script to Revid's third-party API for rendering, but it does not clearly warn the user that their content will leave the local environment and be processed externally. This creates a privacy and data-handling risk, especially if users paste proprietary, personal, or regulated content into the script field.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.